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CLAIMS 



1. A system comprising: 

a forwarding component that forwards packets; 

a classifying component that classifies packets and is capable of classifying 
packets for the forwarding component; 

a session tracking component that tracks sessions for at least one of the 
forwarding component and the classifying component; 

a health and load handling component that is capable of providing health 
and load information to the classifying component; and 

a high availability mechanism that provides detection of, handling of, and 
recovery from a failure of one or more of the forwarding component, the 
classifying component, the session tracking component, and the health and load 
handling component. 

2. The system as recited in claim 1, wherein the system further 
comprises: 

a request routing component that is capable of routing logical requests; 
wherein the high availability mechanism provides detection of, handling of, 
and recovery from a failure of the request routing component. 
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3. The system as recited in claim 1, wherein the high availability 
mechanism provides detection of, handling of, and recovery from a failure of the 
forwarding component; the high availability mechanism including capabilities for 
detection of a failure at the forwarding component by at least one load-balancing- 
aware switch, redirection of packets to at least one other forwarding component, 
and rebuilding of lost routes with a distributed session tracking manager. 

4. The system as recited in claim 1, wherein the high availability 
mechanism provides detection of, handling of, and recovery from a failure of the 
classifying component; the high availability mechanism including capabilities for 
detection of a failure at the classifying component by at least one forwarding 
component, redirection of packets to at least one other classifying component, and 
rebuilding of lost session information with a distributed session tracking manager. 

5. The system as recited in claim 1, wherein the high availability 
mechanism provides detection of, handling of, and recovery from a failure of the 
session tracking component; the high availability mechanism including 
capabilities for detection of a failure at the session tracking component by at least 
one forwarding component and/or classifying component and for distributed and 
redundant storage of session information. 
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6. The system as recited in claim 1, wherein the high availability 
mechanism provides detection of, handling of, and recovery from a failure of the 
health and load handling component; the high availability mechanism including 
capabilities for detection of a failure at the health and load handling component by 
at least one classifying component and for rebuilding of a cache of health and load 
information using a message protocol. 

7. The system as recited in claim 1, wherein the high availability 
mechanism provides detection of, handling of, and recovery from a failure of the 
health and load handling component; the high availability mechanism including 
capabilities for redundant storing of health and load information and for 
authoritative storing of health and load information at hosts to which the health 
and load information pertains. 

8. The system as recited in claim 1, wherein the forwarding component, 
the classifying component, the session tracking component, and the health and 
load handling component are resident at and executing on at least two different 
devices. 
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9. An arrangement for highly available network load balancing 
infrastructure, the arrangement comprising: 

a plurality of different means for load balancing network traffic; 
detection means for detecting a failure of one or more of the plurality of 
different means for load balancing; 

handling means for handling the failure; and 
recovery means for recovering from the failure. 

10. The arrangement as recited in claim 9, wherein the plurality of 
different means for load balancing includes at least one forwarder means for 
forwarding packets. 

11. The arrangement as recited in claim 9, wherein the plurality of 
different means for load balancing includes at least one classifier means for 
classifying packets. 

12. The arrangement as recited in claim 9, wherein the plurality of 
different means for load balancing includes at least one request router means for 
routing packets on a request-level. 

13. The arrangement as recited in claim 9, wherein the plurality of 
different means for load balancing includes at least one session tracker means for 
tracking sessions. 
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14. The arrangement as recited in claim 9, wherein the plurality of 
different means for load balancing includes at least one health and load handler 
means for handling health and load information. 

15. The arrangement as recited in claim 9, wherein the arrangement 
comprises at least one system. 

8 16. The arrangement as recited in claim 9, wherein the arrangement 

9 comprises one or more processor-accessible media. 
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17. A network load balancing system comprising: 

a first device that includes forwarding functionality; and 

a second device that includes classifying functionality, the classifying 

functionality performing classifying for the forwarding functionality; 

wherein hardware of the first device differs from hardware of the second 

device. 

18. The network load balancing system as recited in claim 17, wherein 
the hardware of the first device is especially tuned for the forwarding 
functionality, and the hardware of the second device is especially tuned for the 
classifying functionality. 
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19. The network load balancing system as recited in claim 17, wherein 
the hardware of the first device has a relatively greater ability to accommodate a 
high packet flux, and the hardware of the second device has a relatively greater 
ability to accommodate processing-intensive tasks. 

20. The network load balancing system as recited in claim 17, wherein 
the hardware of the first device comprises a router or switch, and the hardware of 
the second device comprises a personal computer or server. 

21. One or more processor-accessible media comprising processor- 
executable instructions that, when executed, enable a system to implement a route 
plumbing protocol between a classifying component and a forwarding component 
of network load balancing infrastructure, the route plumbing protocol usable for 
communicating route information between the classifying component and the 
forwarding component. 

22. The one or more processor-accessible media as recited in claim 21, 
wherein the route plumbing protocol is adapted to enable the classifying 
component to send to the forwarding component an add route instruction and a 
delete route instruction; the add route instruction causing the forwarding 
component to add a route for a connection to a stipulated host, the delete route 
instruction causing the forwarding component to delete a previously-added route. 



137 



Atty Docket No. MS 1 - 1 5 1 8US. PATAPP 



1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 



23. The one or more processor-accessible media as recited in claim 21, 
wherein the route plumbing protocol is adapted to enable the classifying 
component to send to the forwarding component an add route instruction and a 
delete route instruction from a first device including the classifying component to 
a second device including the forwarding component. 

24. A method comprising: 

receiving a packet requesting a new connection at a forwarding component; 
sending the packet from the forwarding component to a classifying 
component; 

selecting, by the classifying component, a route for the new connection; 

and 

plumbing, by the classifying component, the route for the new connection 
by causing a new entry to be added in a local routing table of the forwarding 
component. 

25. The method as recited in claim 24, wherein the sending comprises: 
sending the packet from a first device including the forwarding 

component to a second device including the classifying component. 

26. The method as recited in claim 24, wherein the selecting comprises: 
selecting the route for the new connection responsive to a 

preexisting session and based on a session identifier in the packet. 
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27. The method as recited in claim 24, wherein the selecting comprises: 
selecting the route for the new connection responsive to health and 

load information for a plurality of hosts. 

28. The method as recited in claim 24, wherein the plumbing comprises: 
sending an add route instruction from the classifying component to 

the forwarding component. 

29. The method as recited in claim 24, further comprising: 

checking, by the forwarding component, the local routing table of the 
forwarding component to determine that the packet is not for an existing 
connection. 

30. The method as recited in claim 24, further comprising: 

adding, by the classifying component, a session information entry for the 
route for the new connection in a distributed session-tracking table. 
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31. The method as recited in claim 24, further comprising: 

adding, by the classifying component, a session information entry for the 
route for the new connection in a distributed and replicated session-tracking table; 
the new connection corresponding to a transmission control protocol/internet 
protocol (TCP/IP) connection; the distributed and replicated session-tracking table 
including at least one session information entry that corresponds to a higher-level 
session in addition to the session information entry for the route for the new 
connection. 

32. The method as recited in claim 31, wherein the higher-level session 
comprises a secure sockets layer (SSL) session. 

33. A method comprising: 

receiving a packet requesting a new session at a forwarding component; 
sending the packet from the forwarding component to a classifying 
component; 

determining, by the classifying component, that the requested new session 
fails to meet at least one firewall inspection policy; and 

plumbing, by the classifying component, a route for the requested new 
session that results in packets for the requested new session being dropped. 

34. The method as recited in claim 33, wherein the requested new 
session comprises a requested new connection. 
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35. One or more processor-accessible media comprising processor- 
executable instructions that, when executed, direct a system to perform actions 
comprising: 

receiving a token allotment at traffic routing functionality from health and 
load functionality, the token allotment having a first plurality of tokens for a first 
destination and a second plurality of tokens for a second destination; 

consuming, by the traffic routing functionality, a token of the first plurality 
of tokens when selecting the first destination for a connection request; and 

consuming, by the traffic routing functionality, a token of the second 
plurality of tokens when selecting the second destination for a connection request. 

36. The one or more processor-accessible media as recited in claim 35, 
comprising the processor-executable instructions that, when executed, direct the 
system to perform further actions comprising: 

accumulating, by the health and load functionality, health and load 
information from a plurality of hosts, the plurality of hosts including the first 
destination and the second destination; and 

determining, by the health and load functionality, the token allotment 
responsive to the health and load information. 
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37. The one or more processor-accessible media as recited in claim 35, 
comprising the processor-executable instructions that, when executed, direct the 
system to perform a further action comprising: 

selecting, by the traffic routing functionality, the token from between the 
first plurality of tokens and the second plurality of tokens for the consuming using 
a round-robin approach, a linear approach, or a current greater/greatest number of 
tokens approach. 

38. The one or more processor-accessible media as recited in claim 35, 
wherein the first destination corresponds to a first application endpoint and the 
second destination corresponds to a second application endpoint. 

39. The one or more processor-accessible media as recited in claim 38, 
wherein the first application endpoint and the second application endpoint 
correspond to a same application type. 

40. The one or more processor-accessible media as recited in claim 35, 
wherein the traffic routing functionality comprises at least one of classifying 
functionality and request routing functionality. 
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41. The one or more processor-accessible media as recited in claim 35, 
comprising the processor-executable instructions that, when executed, direct the 
system to perform a further action comprising: 

receiving another token allotment at the traffic routing functionality from 
the health and load functionality, the other token allotment having a third plurality 
of tokens for a third destination and a fourth plurality of tokens for a fourth 
destination. 

42. The one or more processor-accessible media as recited in claim 41, 
wherein the first destination and the second destination correspond to one 
application type, and the third destination and the fourth destination correspond to 
another application type. 
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43. One or more processor-accessible media comprising processor- 
executable instructions that, when executed, direct a system to perform actions 
comprising: 

receiving, by a classifying component, a packet having a session reference 
from a forwarding component; 

searching, at least partly by the classifying component, a distributed session 
tracking table to find a session information entry having a session identifier that 
matches the session reference; 

extracting, by the classifying component, a host identifier from the session 
information entry having the session identifier that matches the session reference; 
and 

plumbing, by the classifying component, a route in a local routing table of 
the forwarding component, the route for a connection that is associated with the 
packet. 

44. The one or more processor-accessible media as recited in claim 43, 
comprising the processor-executable instructions that, when executed, direct the 
system to perform a further action comprising: 

forwarding, by the forwarding component, the packet to a host identified by 
the host identifier. 
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45. The one or more processor-accessible media as recited in claim 43, 
comprising the processor-executable instructions that, when executed, direct the 
system to perform a further action comprising: 

forwarding, by the classifying component, the packet to a host identified by 
the host identifier. 

46. The one or more processor-accessible media as recited in claim 43, 
wherein the action of searching comprises an action of: 

sending a query session information entry function call to at least 
one other component. 

47. The one or more processor-accessible media as recited in claim 43, 
wherein the action of plumbing comprises an action of: 

adding, as caused by the classifying component, a connection 
identifier-host identifier pair to the local routing table of the forwarding 
component. 

48. The one or more processor-accessible media as recited in claim 47, 
wherein the connection identifier of the connection identifier-host identifier pair 
comprises a transmission control protocol (TCP) 4-tuple such that the connection 
that is associated with the packet comprises a TCP connection that is treated as a 
session by at least one session tracking component. 
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49. The one or more processor-accessible media as recited in claim 47, 
comprising the processor-executable instructions that, when executed, direct the 
system to perform a further action comprising: 

adding, by the classifying component, the connection identifier-host 
identifier pair to the distributed session tracking table. 

50. One or more processor-accessible media comprising processor- 
executable instructions for load balancing infrastructure that, when executed, 
enable a system to perform actions comprising: 

establishing a first connection with a client; 

receiving a first request from the client via the first connection; 

determining, responsive to session information and/or health and load 
information, that the first request is to be routed to a first host via a second 
connection; 

receiving a second request from the client via the first connection; and 
determining, responsive to the session information and/or the health and 

load information, that the second request is to be routed to a second host via a 

third connection. 

51. The one or more processor-accessible media as recited in claim 50, 
comprising the processor-executable instructions that, when executed, enable the 
system to perform further actions comprising: 

establishing the second connection to the first host; and 
establishing the third connection to the second host. 
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52. The one or more processor-accessible media as recited in claim 51, 
wherein the action of establishing the second connection can be performed prior to 
the action of receiving a first request. 

53. The one or more processor-accessible media as recited in claim 51, 
wherein the actions of establishing comprise actions of establishing a transmission 
control protocol (TCP) connection. 

54. The one or more processor-accessible media as recited in claim 50, 
comprising the processor-executable instructions that, when executed, enable the 
system to perform further actions comprising: 

modifying the first request; and 

routing the modified first request to the first host via the second connection. 

55. The one or more processor-accessible media as recited in claim 54, 
wherein the action of modifying comprises at least one action of: 

decrypting the first request; and 

aggregating the first request with one or more other requests. 



147 



Atty Docket No. MS 1 - 1 5 1 8US.PATAPP 



56. A system comprising: 

a first classifying component that classifies packets; 

a second classifying component that classifies packets; and 

a forwarding component that forwards packets, the forwarding component 

assigned to the first classifying component to attain classification services 

therefrom; 

wherein the system is adapted to change the forwarding component to be 
assigned to the second classifying component when a failure of the first classifying 
component is detected. 

57. The system as recited in claim 56, wherein the forwarding 
component is capable of detecting the failure of the first classifying component. 

58. The system as recited in claim 56, wherein the forwarding 
component is capable of reassigning itself to the second classifying component 
when the failure of the first classifying component is detected. 

59. The system as recited in claim 56, wherein the first classifying 
component and the second classifying component classify packets responsive to 
session information and/or health and load information. 

60. The system as recited in claim 56, wherein the system comprises at 
least one of a network load balancer and a firewall. 
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61. One or more processor-accessible media comprising processor- 
executable instructions that, when executed, enable a system to perform actions 
comprising: 

receiving a first packet for a connection at first forwarding functionality; 
plumbing a route for the connection at the first forwarding functionality; 
receiving a second packet for the connection at second forwarding 
functionality; and 

plumbing the route for the connection at the second forwarding 
functionality using a distributed session tracking table. 

62. The one or more processor-accessible media as recited in claim 61, 
wherein the actions of plumbing a route for the connection at the first forwarding 
functionality and plumbing the route for the connection at the second forwarding 
functionality are performed by a single classifying functionality. 

63. The one or more processor-accessible media as recited in claim 61, 
wherein the action of plumbing a route for the connection at the first forwarding 
functionality is performed by first classifying functionality, and the action of 
plumbing the route for the connection at the second forwarding functionality is 
performed by second classifying functionality. 
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64. The one or more processor-accessible media as recited in claim 61, 
comprising the processor-executable instructions that, when executed, enable the 
system to perform a further action comprising: 

experiencing a failure at the first forwarding functionality prior to the action 
of receiving a second packet for the connection at second forwarding functionality. 

65. The one or more processor-accessible media as recited in claim 61, 
wherein the action of plumbing the route for the connection at the second 
forwarding functionality using a distributed session tracking table comprises an 
action of: 

plumbing the route for the connection at the second forwarding 
functionality using the distributed session tracking table that is replicated to 
at least one level. 

66. The one or more processor-accessible media as recited in claim 61, 
wherein the action of plumbing the route for the connection at the second 
forwarding functionality using a distributed session tracking table comprises an 
action of: 

making a query connection function call to a distributed session 
tracking manager that manages the distributed session tracking table. 
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67. One or more processor-accessible media comprising processor- 
executable instructions that, when executed, direct a system to perform actions 
comprising: 

receiving a message having a content indicator for a health and/or load 
table of a host; 

comparing the content indicator for the health and/or load table of the host 
to at least part of local cache contents; and 

if the at le&st part of local cache contents are not equivalent to the content 
indicator for the health and/or load table of the host, sending a message requesting 
content of the health and/or load table of the host. 

68. The one or more processor-accessible media as recited in claim 67, 
comprising the processor-executable instructions that, when executed, direct the 
system to perform a further action comprising: 

receiving a message having the requested content of the health and/or load 
table of the host. 

69. The one or more processor-accessible media as recited in claim 68, 
wherein the message having the requested content of the health and/or load table 
of the host comprises a send table snapshot message. 

70. The one or more processor-accessible media as recited in claim 67, 
wherein the actions of receiving and sending comprise the respective actions of 
receiving from the host and sending towards the host. 
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71. The one or more processor-accessible media as recited in claim 67, 
wherein the content indicator for the health and/or load table of the host comprises 
error checking data. 

72. The one or more processor-accessible media as recited in claim 67, 
wherein the content indicator for the health and/or load table of the host 
corresponds to at least one of (i) an entirety of the health and/or load table of the 
host and (ii) a portion of the health and/or load table of the host. 

73. The one or more processor-accessible media as recited in claim 67, 
wherein the message having the content indicator for the health and/or load table 
of the host comprises a heartbeat message. 

74. The one or more processor-accessible media as recited in claim 67, 
wherein the message requesting content of the health and/or load table of the host 
comprises a get table snapshot message. 
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